trusted energy-efficient cloud-based services brokerage...
TRANSCRIPT
Trusted Energy-Efficient Cloud-Based Services Brokerage
Platform
Bandar Aldawsari, Thar Baker, David England
School of Computing and Mathematical Sciences, Liverpool John Moores University
Liverpool, United Kingdom
Abstract
The use of cloud computing can increase service
efficiency and service level agreements for cloud
users, by linking them to an appropriate cloud
service provider, using the cloud services brokerage
paradigm. Cloud service brokerage represents a
promising new layer which is to be added to the
cloud computing network, which manages the use,
performance and delivery of cloud services, and
negotiates relationships between cloud service
providers and cloud service consumers. The work
presented in this paper studies the research related
to cloud service brokerage systems along with the
weaknesses and vulnerabilities associated with each
of these systems, with a particular focus on the multi-
cloud-based services environment. In addition, the
paper will conclude with a proposed multi-cloud
framework that overcomes the weaknesses of other
listed cloud brokers. The new framework aims to find
the appropriate data centre in terms of energy
efficiency, QoS and SLA. Moreover, it presents a
security model aims to protect the proposed multi-
cloud framework and highlights the key features that
must be available in multi-cloud-based brokerage
systems.
1. Introduction
Cloud computing (CC) has emerged as a new
computing paradigm for outsourcing scalable
applications and virtual hardware infrastructure (i.e.
computing units) that can be provisioned and
released with minimal management from so-called
cloud data centres. Cloud data centres can be
accessed at any time, from anywhere in the world,
via users’ heterogeneous machines which are
connected to the Internet [1]. Therefore, it represents
a shift in the geography of computation, where the
cloud resources’ physical location is not a barrier for
users and providers. In other words, users do not
need to worry about where their resources/services
are based, and/or how they can be accessed and used.
On the other hand, providers can offer their
services/resources to anyone around the globe. In
fact, cloud providers manage, control and monitor
cloud data centres to ensure that the required
services/resources conform and guarantee the service
level agreement (SLA) contract signed with their
customers. The primary economic goal is to make
these computational services available for users’
needs any time, based on a “pay-as-you-go”
billing/pricing model.
Pay-per-use was the spark for cloud users to start
heavily using, and relying on, these kinds of service,
which allowed them to easily and dynamically scale
their services/resources up or down, based on the
available resources and the scope of their SLA
agreement. This rapid growth in cloud services and
resources and cloud users has led to a significant
increase in the numbers of cloud providers and cloud
data centres. Thus, this issue has led to significant
increases in network traffic and the associated energy
consumed by the growing infrastructure (e.g. extra
servers, switches) required to respond quickly and
effectively to user requests. Consequently, cloud
users are now facing a very challenging and critical
task in selecting appropriate cloud offers and
resources to fit their requirements. In addition, if the
required recourses cannot be provided by one cloud
data centre, the provider will not be able to guarantee
quality of services (QoS) and SLAs. One approach
that could help to solve this situation would be to
enable users and their applications to be scaled out
across multiple cloud data centres [2].
However, there are three main barriers hindering
the implementation and success of the above
solution: (i) the lack of computing standards that
must be utilised and used by these heterogeneous
data centre platforms, which obstructs
communication, cooperation and coordination
between providers and results in “vendor lock-in” to
one data centre; (ii) this has, in turn, made customers
totally dependent on using services and resources
from one cloud provider, a situation which is known
as “customer lock-in”, or otherwise leads to
substantial switching costs to change provider, which
goes against cloud computing ambition; (iii) the
increasing number of data centres being used in the
multi-cloud requires a significant amount of energy
for sending, receiving and processing users’ jobs,
taking into account that each data centre consumes as
much energy as 25,000 households [3].
Therefore, the only practical way to overcome the
above issues/barriers is by using an intermediate
cloud service broker [4]. According to NIST [5] a
cloud broker “is an entity that manages the use,
performance and delivery of cloud services and
negotiates relationships between cloud providers and
International Journal of Intelligent Computing Research (IJICR), Volume 6, Issue 4, December 2015
Copyright © 2015, Infonomics Society 630
cloud consumers”. This definition is very broad and
overlaps with the cloud service provider role itself.
However, NIST was very specific in identifying the
key tasks of the cloud broker to be:
Service intermediation: improving specific
services by creating value-added services to
consumers.
Service aggregation: integrating and
combining services into one or more new
services.
Service arbitrage: choosing services from
multiple providers.
However, the above three tasks have not been
practically developed as yet, nor has much interest
been shown in an energy efficient multi-cloud
environment. In addition, Wood [6] highlighted the
expected cloud brokerage market growth, at a
compound annual growth rate (CAGR) of 45%
between 2014 and 2018. By taking into consideration
the expected growth and the problems shown above,
NIST and Gartner [5], [7], respectively, have
identified a cloud broker to be the key concern for
future cloud computing technology research and
development.
An evolving trend in utility and cloud computing
patterns, where charges are made to users in
accordance with their needs as well as application of
security features is called Security-as-a-service (Sec-
a-a-S)[8]. Therefore, there can be application of
different levels of security as a service every time it
is required on a pay-as-you-go ground. Nevertheless,
there will be a constant need of Sec-a-a-S
application, maybe in every process when system is
running, due to access of cloud broker that might
need security at various stages and levels that will
have specific roles and services. Hence, the calling
and injecting of the service in the system will be
problematic and expensive. However, this can be
easier is the process is finalised during the time of
design. Thus, it can be observed that safe cloud
service brokerage, that is, role-based access control
and differing perceptions on how systems should be
configured, observed and applied as well as the
requirement to be accomplished to carefully apply
the system since flexibility is not observed in many
cloud brokerage models methods, is associated with
various main interferences [9]. A security-oriented
model is thus established in such Multi-Cloud
Environment to try and protect cloud service
brokerage and properties that have been stored and
handled in the cloud and current rational assurances
of services’ performance and dependability.
The remainder of this paper is organised as
follows: section 2 provides a literature review related
to brokerage system, energy efficiency and security
in the cloud, section 3 discusses the limitations of
existing cloud brokers. Section 4 presents the
proposed energy-efficient model. Section 5 discusses
the network security and the associated issues, and
section 6 presents the propped security model.
Finally, section 7 highlights the future work that we
need to focus on.
2. Literature Review
2.1. Multi-Cloud Broker Architecture
InterCloud [10] is a resource management setting
which aims to connect different data centres with
each other in order to dynamically coordinate load
distribution between various Clouds based on the
topology shown in Fig. 1. In this approach, an
application can be scaled out between different data
centres that are geographically dispersed around the
world. Mostly, the resources are close to the users in
order to make the process more efficient. However,
this study does not consider energy efficiency; as the
application scales among different geographically
areas, there is a need for an energy conception
matrix.
Figure 1. Network Topology of Federated Data Centres
[10]
Another broker system has been proposed by
Yang et al. [11]; the aim is to solve the problem of
transferring bulk data in cloud computing, which
lead to problems of reservation and resource
utilisation. In this system, the broker’s job is to
reserve and select combined resources and to assign
the best to users. To select the best matched
combined resources in a dynamic way the broker
defines a new algorithm. Moreover, based on the
user’s requirement, the broker is responsible for
submitting and accepting the request after checking
the available data resources and network status.
However, scheduling can be the solution here; it can
help to allocate the user’s requests to available
correct resources and can be built into the integration
model.
Gatziu et al. [12] have designed a new cloud
broker system which can manage and govern the
International Journal of Intelligent Computing Research (IJICR), Volume 6, Issue 4, December 2015
Copyright © 2015, Infonomics Society 631
clouds for business modules. The broker here can
react to the changes in the business process by
scaling the configurations up or down or choosing a
new provider. This system performs different roles
such as service selection and integration,
understanding business processes and analysing and
detecting non-explicit changes. However, an
interface for such a system is needed to enable
consumers to select suitable services. Fig. 2 explains
how this broker handles changes.
Figure 2. How Changes Are Handled By Cloud Broker
[12]
Usha et al. [13] proposed a broker framework
architecture that can chose and select the best service
providers from amongst many, based on analyses of
the QoS requirements. They use Pareto analysis to
decide the suitable cloud provider based on two QoS
parameters, response time and throughput. In this
system, an algorithm has been defined to obtain users
QoS requirements along with the parameters that are
suitable for them. They concluded that this system
aims to select the appropriate cloud service providers
with the given criteria to share its resources. The cost
of the services should be considered here. Yet, Usha
et al. restricted their study to only two QoS
parameters: response time and throughput.
Smart cloud broker [14] is a software tool, which
allows consumers to choose from different
’infrastructure as a service’ (IaaS) clouds and buy the
one that meets their business needs and technical
requirements. Moreover, it allows consumers to
compare the performances of different (IaaS)
offerings. In this study, the authors focus on
benchmarking as a single way to measure and verify
the performance of computing resources.
Specifically, they conducted an application stack
benchmarking approach to measure the actual
performance of the application. This broker can
enable service interoperability by developing and
using services in multiple clouds through a unified
interface. However, in this system there is no
consideration for energy efficiency in relation to
energy consumed by the datacentre. Moreover, this
architecture cannot assure the best match of service
provider to user.
Hamze et al. [15] proposed a framework for self-
establishing an end-to-end service level agreement
between multiple cloud service providers and the
cloud user. They focused on QoS for IaaS and
‘network as a service’ (NaaS) services. This inter-
cloud broker works as an intermediate layer between
cloud service users (CSU) and cloud service
providers (CSP) to help establish the service level
required by users to secure the integration process. In
addition, they included the network service providers
(NSP) in the architecture in order to provide
bandwidth on demand. Hence, the CSP’s job is to
provide both IaaS and NaaS services. However, this
study does not show the way in which brokers
monitor SLAs at all levels in multiple clouds.
Han et al. [16] developed a cloud service
framework for the cloud market using a
recommender system (RS) which can help
consumers to choose suitable services from multiple
cloud providers that match their requirements. To
assist users in making decisions, they use network
QoS and service rank analysis of resources provided
by cloud providers. QoS takes account of execution
time, average execution time, response time, average
response time etc. While the service-rank considers
the quality of virtualization used by many different
platforms. However, their framework is limited only
to issues related to IaaS. Moreover, the study does
not consider energy consumption in a multi-cloud.
Fig. 3 shows the architecture of the cloud resource
recommendation system.
Figure 3. Cloud Resource Recommendation System [16]
2.2. Cloud Energy Efficiency
Gattulli et al. [17] presented a new routing
strategy to reduce the cloud network CO2 emissions
by dynamically routing/transferring the on-demand
energy-intensive data processing requests, via IP-
over-WDM networks, to data centres that are
powered primarily by renewable energy sources such
International Journal of Intelligent Computing Research (IJICR), Volume 6, Issue 4, December 2015
Copyright © 2015, Infonomics Society 632
as wind and solar. However, it can be seen clearly
that this solution helps to reduce CO2 emissions at
data centre level only.
Other complementary research shown in [18] studied
the energy consumption in both the data centre and
in data transportation to data centres. Researchers
have used optical networks and virtualisation in IP-
over-WDM architecture to save power in the data
centres and achieve green communication. Two
models are proposed in that research:
Delay-minimized provisioning (DeMiP),
which aims to select the nearest data centre
based on pre-computed distances between
nodes in virtual topology, and then virtual
links from the virtual topology are mapped on
the physical topology by utilising Dijkstras
algorithm for the shortest path.
Power-minimized provisioning (PoMiP),
which focuses on IP routers as power
consumers in the transport network and aims
to minimise the utilisation of IP router ports. It
selects the virtual link with low-power.
An interesting study in [19] presents a cloud
energy management system by using a sensor
management function and a virtual machine (VM)
allocation tool. These sensors are deployed across
multiple data centres and can be accessed and
monitored via a unified interface for those multiple
data centres. The collected data will be used and
analysed via the sensor management function
through four main phases: monitoring, calculation,
analysis and action. The study achieved a 30%
energy reduction at data centre level.
In [20] Goudarzi and Pedram found that the cloud
providers can reduce total energy consumption by
using VMs and server consolidation. This new way
of virtualisation can assign tasks through multiple
VMs to a single physical server. The study focuses
on the VM controller to determine the requirements
of the VMs and to be placed on the servers. The
framework uses a unique optimisation procedure
with the VM controller to minimise energy costs in
active servers within the data centre. By enabling
consolidation, some of the servers in the data centre
will be turned off or put into sleep mode. The study
shows that the current servers use only 50% of power
in idle mode.
2.3. Trusted Cloud-Based Systems
The platform could sufficiently be made effective
by providing cloud computing with the six Trusted
Computing elements [21]. This feature of secure
computing is still undeveloped ; though, reliable
cloud computing services are being designed by
various works [22]. The area where the fundamental
infrastructure and also the datacentres and
interconnection networks are protected is amongst
the initial, most natural areas, where the practice of
cloud computing is trusted. Evidently, cloud
resources could be secured and be separated in
virtualised environments if the operational
deployment of encrypted data storage, memory
curtaining, and secured execution areas, maybe in
terms of particular form of the Trusted Platform
Module (TPM) architecture contributes significantly
[23]. Additionally, shared modules could be
protected or limited or incursions be detected when
there is application of various methods including
watermarking. Furthermore, access to cloud
resources could be controlled through with secure
end-to-end networking and trust-based reputation
systems. Eventually, trusted network zones could be
determined by combination of reputation systems
with strong Identity and Access Management (IAM),
where role-based access control could also be
applied.
Table 1 shows a comparison between the multi-
cloud broker architectures that are mentioned above.
Table 1. Existing Broker Architectures
Models
Factors
Energy
Efficien
t Data
Centre
Data
transportin
g Energy
Efficiency
Quality
of
Service
s (QoS)
Service
level
Agreemen
t (SLA)
Securit
y
Model
Federated Inter-
cloud[10]
Service-Oriented
Broker[11]
Event-Based
cloud broker[12]
Efficient QoS
cloud broker[13]
Smart
Broker[14] Autonomic
Brokerage
Service[15]
Recommendatio
n System[16]
3. Limitations of Existing Cloud Brokers
As mentioned above, the broker should act as a
bridge between customers and providers in order to
enable them to talk to each other and negotiate a
certain service(s) using a standard language. The
existing, and well known, cloud brokers suffer from
the following issues:
They are implemented as data centre platform
dependent systems, and thus they are not
sufficient to work with other heterogeneous
platforms and infrastructure, which is an
essential feature for a multi-cloud service
broker.
There is no standard multi-cloud service
broker reference model and architecture that
should be utilised by available brokers.
There is no standard multi-cloud service
search and integration engine that could work
both horizontally between available data
International Journal of Intelligent Computing Research (IJICR), Volume 6, Issue 4, December 2015
Copyright © 2015, Infonomics Society 633
centres in a multi-cloud context, and vertically
between cloud services layers (i.e. IaaS, PaaS
and SaaS), to help users to find best-fit
services, according to their SLA, and integrate
them to serve their needs.
There is no standard multi-cloud based
service/resource modelling and description
language that can be exploited by cloud
service providers to describe their services and
offers to brokers which can also be used by
brokers to introduce and offer the available
services to their users.
There is a lack of a quality assurance and
service optimisation framework, to evaluate
SLAs, detect the failures and protect the
system.
As yet, there is no single cloud broker model
to consider the energy consumption in such a
multi-cloud environment to minimise the
energy that is consumed by cloud parties when
sending and receiving data and services.
There is a lack of service management and
automation tools that enable customers to create their
services portfolio based on legal, financial and
operational criteria, which can be scaled up, down
and out
4. Proposed Model
4.1. Overview
Our proposed model seeks to solve energy
consumption issues in broker systems and provide a
high QoS based on the SLA. It will be designed to
find the appropriate data centre in terms of energy
efficiency and QoS in multi-cloud environments.
Therefore, energy efficient routing solutions for
cloud computing are required to ensure
environmental sustainability. The data centre’s
energy consumption has prompted a great deal of
interest and work in recent years; however,
efficiency in cloud computing network energy
consumption is still in its infancy and requires
further research and development to be fully
achieved. There are two main pillars for energy
consumed during cloud computing that should be
dealt with efficiently and equally to achieve a fully
green cloud computing network: (i) the amount of
energy consumed at the data centre and (ii) the
amount of energy consumed in transporting data
between the user and the cloud data centre. The
current state-of-the-art solutions focus primarily on
improving the energy consumed at the data centres.
We propose and evaluate a high-end routing
algorithm to fill the gap. It should act as an
intermediate bridge for directing the user’s requests
to green data centres based primarily on using the
most energy efficient route to achieve a fully green
cloud computing network while making sure the
user’s requirements, e.g. response time, are met. To
accomplish this aim, we model the cloud computing
network and its power consumption to compute the
energy required by the cloud network before and
after using the algorithm proposed in[24] .
We will then formalise the interconnection
between the cloud user and a green data centre by
using a situation calculus model to define the logical
state of the network. Once the interconnection is
established and formalised, we then start calculating
the time and energy required for both transportation
and computation. A linear programming approach
will be used thereafter to model the proposed
algorithm, which will finally be evaluated against the
well-known shortest path routing policy. Fig. 4
shows the proposed cloud broker system.
Figure 4. Cloud Broker Overview
4.2. Basics and Rules
To achieve green data centres, we use the
following assumption throughout our modelling:
There are n green data centres to which a user
machine I can be connected through the internet, to
accomplish a certain task.
Therefore, one of these available data centres will
be used; it must be accessible via the selected most
energy efficient route. In other words, amongst
multiple routes to a green data centre, the most
energy efficient route will be chosen by the new
framework.
International Journal of Intelligent Computing Research (IJICR), Volume 6, Issue 4, December 2015
Copyright © 2015, Infonomics Society 634
4.3. Modelling power consumption within the
network
Modelling the power consumption of the cloud
network is an essential part of this work. One of the
most widely accepted methods for modelling power
consumption for massively distributed network
infrastructure, such as a cloud network, is based on
the specifications of telecommunications equipment
(i.e. once the quantity and type of equipment in the
network are known, the energy consumption of the
equipment can easily be calculated). However, this
approach alone cannot predict or show the actual
network architecture and structure. Once the network
architecture is known, then required components can
be identified and energy consumption can be
calculated accordingly.
A telecommunications network-based model is
an essential approach which must be used side-to-
side with our model to fill in the gap. In this
approach, the network is partitioned into a number of
parts: access network, metro/edge network, core
network, data centre and IPTV web services
network. The network model presented in Fig. 4 is a
first-cut of such a massively distributed network and,
as such, it does not include many of the fine details
of the true network structure and topology. However,
it does show the main network architecture and the
required components which are needed for the
calculation of energy consumption. The energy
consumption of the network is calculated using
manufacturers’ data on equipment quantities and
energy consumption, for a range of typical types of
equipment, for each part of the network. Using a
combination of the above two approaches helps to
calculate the power consumption of the entire
network using real world network infrastructure
components, and it also helps to predict the growth
in power consumption dependent on the network
architecture and the equipment inventory statistics
and their historical sales figures provided [ED2] by
the manufacturers.
4.4. Modelling user connectivity to data
centre
Using the algorithm proposed in [24], The
interconnection between a user machine i and a data
centre DCi, is based on the public cloud structure
shown in Fig. 5 above, which will be formalised as a
graph. Thus, between any i and a DCi, we assume
that we have an interconnection graph 𝐺𝑖 =(𝑉𝑖 , 𝑇𝑖 , 𝑃𝑖 , 𝐶𝑖 , 𝐸𝑖 , 𝐿𝑖 , 𝐵𝑖) where Vi gives a list of all
possible nodes available between any i and a DCi;
and Ti : Vi →{1,…,6} states the nodes’ types, which
can be any of six available different types of node, as
follows; each node v, where v ϵ Vi, might be: an
Ethernet switch (T(v) = 0), a broadband gateway
router (T(v) = 1), a data centre gateway router
(T(v) = 2), a provider edge router (T(v) = 3), a core
router (T(v) = 4), and a high capacity Wavelength
Division Multiplexed (WDM) transport
equipment/links (T(v) = 5), which can interconnect
the core routers, as part of the public Internet.
Pi (v) and Ci (v) states the power consumption
and the capacity of a node v ϵ Vi, respectively.
𝐸𝑖 ⊆ 𝑉𝑖 × 𝑉𝑖 Defines the interconnection nodes;
𝐿𝑖 ∶ 𝐸𝑖 → ℕ gives the latency between connected
nodes 𝐸𝐼; and finally 𝐵𝑖denotes bandwidth.
Figure 5. Network structure
4.5. Energy required for transportation
For any user’s job to be processed, we assume
that we have: the quantity of Flops that it requires
wu; the number of input bits inu to be processed; and
the number of output bits ouu to be returned.
Therefore, if we need an energy of ETsend (i) for
sending a bit from the user to the data centre and
ETrecv(i) for the inverse sending, the total energy
transportation cost required for processing Ju is:
inu.ETsend(i) +ouu.ETrecv(i). To model ETsend(i) and
ETrecv(i), we assume that data sent from a user
machine to a data centre is always routed on a path
that relies on the two point connection (the shortest
path). In using the formulae proposed in [25], the
energy required for sending one bit from a user to a
data centre is:
𝐸𝑇𝑠𝑒𝑛𝑑(𝑖) = 6(3𝑃𝑒𝑠
𝑖
𝐶𝑒𝑠𝑖
+ 𝑃𝑏𝑔
𝑖
𝐶𝑏𝑔𝑖
+𝑃𝑔
𝑖
𝐶𝑔𝑖
+2𝑃𝑝𝑒
𝑖
𝐶𝑝𝑒𝑖
+18𝑃𝑐
𝑖
𝐶𝑐𝑖
+4𝑃𝑤
𝑖
𝐶𝑤𝑖
)
(1)
where in this case, 𝑃𝑒𝑠𝑖 , 𝑃𝑏𝑔
𝑖 , 𝑃𝑔𝑖 , 𝑃𝑝𝑒
𝑖 , 𝑃𝑐𝑖 and 𝑃𝑤
𝑖
represent the power consumed by the nodes types
listed in subsection 4.4. , Ethernet switches,
broadband gateway routers, data centre gateway
routers, provider edge routers, core routers, and
International Journal of Intelligent Computing Research (IJICR), Volume 6, Issue 4, December 2015
Copyright © 2015, Infonomics Society 635
WDM transport equipment, that are located on the
path used for routing a user’s job to a DCi.
𝐶𝑒𝑠𝑖 , 𝐶𝑏𝑔
𝑖 , 𝐶𝑔𝑖 , 𝐶𝑝𝑒
𝑖 , 𝐶𝑐𝑖 and 𝐶𝑤
𝑖 are the capacities of the
corresponding equipment in bits per second. The
values Pi and Ci depend on the nodes used.
4.6. Time required for transportation
We assume a simple communication model, store
and forward, where each node waits for a complete
reception of the data before processing it. The
approximate time required for sending 𝛼 bits on a
link e ϵ Ei is equal to max {Li(e),[𝛼
𝐵(𝑒)𝑖 ] .Li(e)}.
where, as mentioned in subsection D above that,
𝐿𝑖 ∶ 𝐸𝑖 → ℕ gives the latency between connected
nodes e ϵ Ei; and Bi denotes bandwidth. The idea
behind this is that either, the bandwidth can contain
the bits to send or, we must divide the data to send it
in various blocks based on the bandwidth. Finally,
we assume that the paths pthp and pthp’ ϵ Pth were
used for sending user data in both directions; then,
the total time required for the transportation of a Job
Ju in both directions is equal to:
𝑇𝑟(𝑢, 𝑖) =
∑ max {𝐿𝑖(𝑒), [𝑖𝑛𝑢
𝐵(𝑒)𝑖
] . 𝐿𝑖(𝑒)}
𝑒ϵ 𝑝𝑡ℎ𝑝
+
∑ max {𝐿𝐼(𝑒), [𝑜𝑢𝑢
𝐵(𝑒)𝑖
] . 𝐿𝑖(𝑒)}
𝑒ϵ𝑝𝑡ℎ𝑝′
(2)
4.7. Energy and time required for
computation
Table 2. Energy Efficiency Algorithm
Algorithm1 Input, Output, Steps
INPUT: Jobs J1, …, Jm with workloads, inputs and
outputs data, and intention files; Data centres DC1, …
,DCn with energy consumption per flop and frequency;
Interconnection graphs G1, …Gn
OUPUT: Return the best solution on Z
STEPS:
1. Define, for each i , a set of paths C𝒑𝒕𝒉𝒊
that can be used for sending and
receiving data.
2. For each i, choose a pair of paths (pthp ,
pthp’ ) ϵ C𝒑𝒕𝒉𝒊
3. Compute the resulting values of ETSend(i)
and ETRecv(i) (equation 1);
4. For any job Ju and data centre DCi
compute Tr(u; i) (equation 2)
5. Run Algorithm1 and obtain Z; if it is the
best obtained value then it will be kept.
6. If there is possible combination (pthp ,
pthp’ ) that has not been explored, go to
2.
We assume that each job Ju will be processed by
a single machine in the data centre. We also assume
that each data centre DCi is made of a finite set of
homogeneous machines that consume EP(i) for
processing one flop. Therefore, for processing a job
Ju, the data centre DCi will consume wu:EP(i).
Finally, any machine in a data centre DCi needs
approximatively 𝜇(i) time units for processing one
flop. The job Ju can then be processed in
approximatively wu.𝜇(i) times units.
5. Network security
Cloud computing is effectively protected based on
broadly distributed, publicly accessible systems,
recognising the most common cyber security
susceptibilities and threats. A service, which can be
made by and network with other entities is also
shown by every connected systems as they expose
their functionalities (complex or atomic). As such, an
important aspect of supporting monitoring systems
of cloud computing, specifically cloud brokerage
systems, is called secure network connectivity,
where connection failures must be prevented by
making special care of the connection. This is
because the mission critical is dependable and
constant access to infrastructure resources of the
provider. In this context, there is evaluation of
existing effective practice in network management
filed, where its application can be applied to cloud
computing as a platform, the encryption methods to
secure the gathered data, and observing IPS services
to protect the whole network infrastructure is also
included.
5.1. Security approaches
The infrastructure, based on data security, is
effectively protected against attack by traditional
network security tools. Any production cloud service
vitally protects the network and thus, firewalls, DS
monitoring as well as other standard management
mechanisms should be applied by any public/private
provider to offer adequate security level.
Furthermore, Unified Threat Management (UTM)
systems, which can establish a kind of more subtle
attack characteristics and strong networking
mechanisms for the purpose of automatic reaction
through activating remedial measures, may be
applied [26].
The customer benefit from the fundamental
strength that is provided by the cloud broker
managing a range of services, provided that the
broker uses strong security measures, where
utilization of the individual services is vital.
However, the whole ground of customer services is
possibly susceptible if the tools are compromised.
Therefore, extra protection of services might be
needed by customers to hinder potential threats.
International Journal of Intelligent Computing Research (IJICR), Volume 6, Issue 4, December 2015
Copyright © 2015, Infonomics Society 636
Protection of the data connection, both into the
cloud and in the cloud itself is another main aspect of
securing network. As such, an effective level of
assertion regarding connection security will be
provided through encryption. Secure connections,
both into the cloud networks and between
datacenters is provided by Transport Layer Security
(TLS) connections. There might be a need for
options including IP Security (IPSec) and
Application Layer security protocols including
Secure Shell (SSH) because there might be
development of implementation-specific
vulnerabilities.
5.2. Network Resilience
Making sure that secure connections are both
constant and dependable is another aspect that
contributes to protection of cloud brokerage
platforms. A consistent and reliable connectivity
level, just like any other interference to the service
can be both expensive and extremely influence the
broader system performance, will be needed after the
services are moved into the cloud. Thus, this is
identified to have two aspects: a) strengthening the
current best-effort IP routing mechanisms in the
Internet with additional redundancy and b)
mitigating malicious denial of service attacks [26].
Since best-effort routing architecture that mostly
proves dependable provides no assurance of end-to-
end connectivity, the initial aspect is made important
by the essential IP. Therefore, technical failures,
heavy load on superseding networks, errors in
routing, or other issues, may lead to dropping or
failing of connections. Evidently, there can be
implementation of various methods to enhance
network dependability as severe requirements are
present in regard to connectivity. For instance,
connection risks can be decreased by making sure
that the capacity is not surpassed, where this can be
attained through QoS mechanisms. Secondly, more
paths from the customer to the cloud, based on offer
more connection paths, can be guaranteed by the
application of route redundancy [26].
Malicious activity, in the second aspect, may
threaten connectivity to the cloud and this can be via
Denial of Service (DoS) attacks, where this is
currently applied by the Anonymous group in
reaction to Julian Assange’s arrest [27]. Many
recurrent requests are made by DoS attacks to
overpower the infrastructures of the provider, where
a particular point in the network is their focus. These
DoS attacks are distributed to many sources on the
Internet and displayed or developed through the
usage of legitimate network services, thus making
their detection more complicated. Currently, there
have been efforts made to develop countermeasures
of diagnosing and overwhelming DoS attacks. These
efforts are shown in latest attacks on the CloudFlare
system.
5.3. Multi-clouds brokerage Threats
The threats that cloud computing encounter are
similar to most corporate networks. The increased
number of collaborative parties in a multi-clouds
environment such as cloud broker leads to an
increased number of connections via networked
systems and thus increases the system exposure to
threats [26]. The major vulnerabilities in cloud
computing brokerage system are therefore as a direct
result of the ubiquitous nature of using cloud-based
networked systems, as follows:
The system is now able to deliver and
integrate services from any location or
vendor.
Authorised users should be able to interact
with the services from anywhere at any
time.
As a result, there are a number of networking
threats that should be considered as relevant here:
Insider attacks, Equipment failures, End-to-end
issues, Data loss or corruption, DDoS attacks, Cyber
threats and hacking attacks, Espionage
These threats may be innocent or malicious;
however, the fundamental issue is that the most of
Critical Infrastructure is denied access to its data or
services or that its confidential data may fall into the
hands of another party. Thus, these represent the core
requirements that must be met in our work.
6. Proposed security model
6.1. Model Requirements
The security, integrity and exploited service
availability will be the three core concerns for
brokerage systems. Thus, the major requirements
will include: (a) actual time support for such services
to offer an effective availability level in the event of
faults and recurrent connectivity; (b) scalability to
enhance the service to be capable of coping with
very bigger volumes of data that are being streamed
at a adjustable rate; (c) practical assurance e.g.
dependability and flexibility to reduce downtime;(d)
legal assurances that can be specified by the
customer and then receive a fine extent of control in
regard to the service hosting and data repetition
strategy applied part of the Service Level Agreement
(SLA).
The lack of strong security and user verification
in usual cloud platforms as well as the restricted
control and observing of replication of data and
location of service inside the cloud is the major
crucial issues.
International Journal of Intelligent Computing Research (IJICR), Volume 6, Issue 4, December 2015
Copyright © 2015, Infonomics Society 637
6.2. Model Features and Functionality
The fact that functionalities (complex or atomic)
as-a-service, which can be made by and involved
with other systems that are subscribed to the cloud
platform, are exposed by every connected systems
makes the main idea of the proposed solutions. The
solution given in [26] forms the basis of the
suggested solution. The provision of additional data
integrity as well as protection to reduce the risk of
mission crucial services that are being interrupted or
removed by equipment/network failures or attack
will be the focus of the model. Thus, about three
main services, that is, Service Planning, End-to-End
Security, and Monitoring and Policing, as shown in
Fig. 6, will be the target.
Figure 6. Network Security Model
This model will be then organised as elements in
the cloud broker through a ‘toolbox’. However,
establishment of a Multilevel User Access Control
service, as part in the Monitoring and Policing, will
be the focus of this model.
One the other hand, misuse or attack through
MultiLevel User Access Control (MLAC) will be
protected by the aspect of monitoring and policing
with a purpose of making sure that there is security
in the system as well as attaining the conditions of
the SLA. Establishment of the particular users to
gain access to various parts of the platform, in terms
of the requirements, will be achieved through
replication and extension of broker role-base
authentication schemes by the MLAS system.
Assurance that the SLA is being applied will be
offered to both the user and cloud provider through
monitoring. In addition to this, the effectiveness of
the platform can be determined by this technique.
Furthermore, the cloud will be protected against
threats and attacks through offering support to
particular UTM systems. Then, strong networking
services that are in terms of Software Defined
Networking mechanisms will be added to counter the
attack patterns are have been identified.
7. Conclusion and future work
This paper presents research related to brokerage
systems, energy efficiency and security in the cloud
with the weaknesses and drawbacks of current
approaches. It highlights the key features that must
be available in multi-cloud-based brokerage systems.
As yet, most brokers are not sufficiently developed
to work with other heterogeneous platforms and
infrastructures, which is an essential feature for a
multi-cloud service broker. Furthermore, most of the
research has yet to consider energy consumption in
multi-cloud environments. In order to minimise the
energy which is consumed by cloud parties in
sending and receiving data, we have proposed a
model that seeks to solve energy consumption issues
in broker systems, and provides a high QoS based on
the SLA. Moreover, we present a security model
aims to protect the proposed multi-cloud framework.
Future work should focus on designing and
developing a novel software- defined broker
framework for multi-cloud based service selection
and delivery. This necessitates understanding how
cloud services are described and how they behave in
different data centre platforms and infrastructures to
enable brokers to choose and prioritise these services
based on users’ needs.
8. References [1] F. Larumbe and B. Sansò, “Optimal Location of Data Centers and Software Components in Cloud Computing Network Design,” 12th IEEE/ACM Int. Symp. Clust. Cloud Grid Comput. (ccgrid 2012), pp. 841–844, May 2012.
[2] R. N. Calheiros, A. N. Toosi, C. Vecchiola, and R. Buyya, “A coordinator for scaling elastic applications across multiple clouds,” Futur. Gener. Comput. Syst., vol. 28, no. 8, pp. 1350–1362, Oct. 2012.
[3] J. L. X.-G. L. X.-M. Z. F. Z. B.-N. Li, “Job Scheduling Model for Cloud Computing Based on Multi- Objective Genetic Algorithm,” Int. J. Comput. Sci. Issues, vol. Vol. 10, no. 1, p. p134, 2013.
[4] A. Kertesz, G. Kecskemeti, A. Marosi, M. Oriol, X. Franch, and J. Marco, “Integrated Monitoring Approach for Seamless Service Provisioning in Federated Clouds,” in 20th Euromicro International Conference on Parallel, Distributed and Network-based Processing, 2012, pp. 567–574.
[5] F. Liu, J. Tong, J. Mao, R. Bohn, J. Messina, L. Badger, and D. Leaf, “NIST Cloud Computing Reference Architecture Recommendations of the National Institute of Standards and Technology,” Cloud Comput. Program, Inf. Technol. Lab., 2011.
[6] L. Wood, “Research and Markets: Global Cloud Services Brokerage Market 2014-2018: Capgemini S.A., Dell Inc., IBM Corp., Jamcracker Inc. and Liasion Technologies Dominate the Industry,” Reuters, US Edition, 2014.
International Journal of Intelligent Computing Research (IJICR), Volume 6, Issue 4, December 2015
Copyright © 2015, Infonomics Society 638
[7] Gartner, “Cloud Computing,” 2014. [Online]. Available: http://www.gartner.com/technology/topics/cloud-computing.jsp. [Accessed: 20-Nov-2015].
[8] M. M. Hasan and H. T. Mouftah, “Cloud-based security services for the smart grid,” Proc. 2013 Conf. Cent. Adv. Stud. Collab. Res. (CASCON ’13), pp. 388–391, Nov. 2013.
[9] K. Stouffer, J. Falco, and K. Scarfone, “Guide to Industrial Control Systems ( ICS ) Security Recommendations of the National Institute of Standards and Technology,” NIST Spec. Publ., no. 800–82, pp. 1–157, 2011.
[10] R. Buyya, R. Ranjan, and R. N. Calheiros, “InterCloud: utility-oriented federation of cloud computing environments for scaling of application services,” 10th Int. Conf. Algorithms Archit. Parallel Process., vol. 6081, pp. 13–31, May 2010.
[11] Y. Yang, Y. Zhou, L. Liang, D. He, and Z. Sun, “A Sevice-Oriented Broker for Bulk Data Transfer in Cloud Computing,” 2010 Ninth Int. Conf. Grid Cloud Comput., pp. 264–269, Nov. 2010.
[12] S. Gatziu, T. Kumar, and W. Holger, “Cloud Broker: Bringing Intelligence into the Cloud An Event-Based Approach,” IEEE Intl. Conf. Cloud Comput. Miami, Florida, pp. 6–7, 2010.
[13] M. Usha, J. Akilandeswari, and A. S. S. Fiaz, “An Efficient QoS Framework for Cloud Brokerage Services,” in International Symposium on Cloud and Services Computing, 2012, pp. 76–79.
[14] M. Baruwal Chhetri, S. Chichin, Q. Bao Vo, and R. Kowalczyk, “Smart Cloud Broker: Finding your home in the clouds,” IEEE/ACM Int. Conf. Autom. Softw. Eng., pp. 698–701, Nov. 2013.
[15] M. Hamze, N. Mbarek, and O. Togni, “Autonomic Brokerage Service for an End-to-End Cloud Networking Service Level Agreement,” 2014 IEEE 3rd Symp. Netw. Cloud Comput. Appl. (ncca 2014), pp. 54–61, Feb. 2014.
[16] S.-M. Han, M. M. Hassan, C.-W. Yoon, and E.-N. Huh, “Efficient service recommendation system for cloud computing market,” in Proceedings of the 2nd International Conference on Interaction Sciences Information Technology, Culture and Human - ICIS ’09, 2009, pp. 839–845.
[17] M. Gattulli, M. Tornatore, R. Fiandra, and A. Pattavina, “Low-carbon routing algorithms for cloud computing services in IP-over-WDM networks,” EEE Int. Conf. Commun., pp. 2999–3003, Jun. 2012.
[18] B. Kantarci and H. T. Mouftah, “Optimal Reconfiguration of the Cloud Network for Maximum Energy Savings,” in th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (ccgrid 2012), 2012, pp. 835–840.
[19] F. Satoh, H. Yanagisawa, H. Takahashi, and T. Kushida, “Total Energy Management System for Cloud Computing,” in IEEE International Conference on Cloud Engineering (IC2E), 2013, pp. 233–240.
[20] H. Goudarzi and M. Pedram, “Energy-Efficient Virtual Machine Replication and Placement in a Cloud Computing System,” in IEEE Fifth International Conference on Cloud Computing, 2012, pp. 750–757.
[21] N. Santos, K. P. Gummadi, and R. Rodrigues, “Towards trusted cloud computing,” Proc. 2009 Conf. Hot Top. cloud Comput., p. 3, Jun. 2009.
[22] F. Lombardi and R. Di Pietro, “Secure virtualization for cloud computing,” J. Netw. Comput. Appl., vol. 34, no. 4, pp. 1113–1122, Jul. 2011.
[23] P. Gourbesville, J. Batica, J. Y. Tigli, S. Lavirotte, G. Rey, and D. K. Raju, “Flood warning systems and ubiquitous computing,” La Houille Blanche, no. 6, pp. 11–16, 2013.
[24] T. Baker, Y. Ngoko, R. Tolosana-Calasanz, O. F. Rana, and M. Randles, “Energy Efficient Cloud Computing Environment via Autonomic Meta-director Framework,” in 6th International Conference on Developments in eSystems Engineering, 2013, pp. 198–203.
[25] J. Baliga, R. W. A. Ayre, K. Hinton, and R. S. Tucker, “Green Cloud Computing: Balancing Energy in Processing, Storage, and Transport,” Proc. IEEE, vol. 99, no. 1, pp. 149–167, Jan. 2011.
[26] T. Baker, M. Mackay, A. Shaheed, and B. Aldawsari, “Security-Oriented Cloud Platform for SOA-Based SCADA,” in 2015 15th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing, 2015, pp. 961–970.
[27] A. Pras, A. Sperotto, G. C. M. Moura, I. Drago, R. Barbosa, R. Sadre, R. Schmidt, and R. Hofstede, “Attacks by ‘ Anonymous ’ WikiLeaks Proponents not Anonymous,” pp. 1–10, 2010.
International Journal of Intelligent Computing Research (IJICR), Volume 6, Issue 4, December 2015
Copyright © 2015, Infonomics Society 639